asyncrat | e0d8a28d8cb75dcf78bfc4ddecbdbf89a837e133ec9913959e4dfd84d34fad24 | Triage

Submit
Reports

Overview

overview

Static

static

Wezwanie K...DF.scr

windows7_x64

Wezwanie K...DF.scr

windows10-2004_x64

Sharing

General

Target

Wezwanie Komornicze PDF.zip
Size

269KB
Sample

220119-jhwmxsgabq
MD5

3782c546ed49df842582bef529211e6d
SHA1

a845e340b1d98f5477886d1c92b62ba6a03dad19
SHA256

e0d8a28d8cb75dcf78bfc4ddecbdbf89a837e133ec9913959e4dfd84d34fad24
SHA512

df8bb7505a33a45ee4676072d3ab4272d26117325c7d6b4642db301b9a896bdb823597e32c5d6e33460e68e94851804ed3f94dbeab4fabfa4fb775c223c0d68f

Score

10^/10

asyncrat default persistence rat spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

Wezwanie Komornicze PDF.scr

Resource

win7-en-20211208

asyncrat default rat spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Wezwanie Komornicze PDF.scr

Resource

win10v2004-en-20220112

asyncrat default persistence rat spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

ssonn.v6.rocks:7707

sson.dnsup.net:7707

Mutex

PLPL

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  Wezwanie Komornicze PDF.scr
- Size
  
  484KB
- MD5
  
  63979e4d969c99f74486cc2fb4a1b368
- SHA1
  
  76dffbc7c5a3992a46e7f56144db07cb3d652e56
- SHA256
  
  dc9501ac1cba2c957ed7e1a8d2922839fcc3d19c44ce70d959a22cbd2d0c6d84
- SHA512
  
  59e492e920e030ae8a92c3c222d9e18a7c89b5f52ec5c7e1ed9131f6caf10ad1e567fea7747897a90cdb1ce1b1f094764fac08cbd2110c4ad9c489a87ccffff1
Score

10^/10

asyncrat default rat spyware stealer suricata persistence
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultratspywarestealersuricata

behavioral2

asyncratdefaultpersistenceratspywarestealersuricata

© 2018-2024

Terms | Privacy